MySQL CVE-2006-3469

Tim Thome tthome at cox.net
Fri Jul 28 21:00:58 UTC 2006


John,

It affects FC3 and earlier as included with the distributions. FC4 is  
currently including 4.1.20 on the updates-released directory.

Do note that FC3 can run the regular mysql rpm's as provided by  
mysql... so an advisory should be posted (imho)...

Not sure about FC1/2 (I moved over to FC3 from another distro)

Tim



On Jul 28, 2006, at 1:13 PM, John Dalbec wrote:

> Does this affect Fedora-Legacy?
>
> 06.29.31 CVE: CVE-2006-3469
> Platform: Cross Platform
> Title: MySQL Server Date_Format Denial of Service
> Description: MySQL is susceptible to a remote denial of service
> vulnerability because the database server fails if the "select
> date_format" SQL function is called with "('%d%s', 1);" argument.
> MySQL versions prior to 4.1.18, 5.0.19 and 5.1.6 are affected.
> Ref: http://www.securityfocus.com/bid/19032
>
> --
> fedora-legacy-list mailing list
> fedora-legacy-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-legacy-list




More information about the fedora-legacy-list mailing list